Sony Hack: Information Security Is Everyone’s Job—Even Marketers’

"Marketer's Note" is a regular column informing marketers about the rapidly evolving, digital marketing technology ecosystem. This week it is written by Melissa Parrish, Executive Director, AdExchanger Research.

Typically, marketers and information security pros don’t get along. To marketers, security staffers are the guys who always say no: No, you can’t collect that data. No, you can’t store it there. No, you can’t use it in that way. To security staffers, marketers are so focused on revenue that they routinely overlook obvious security threats and their potential consequences.

In the case of Sony, both parties have some soul searching to do. Part of the hack revealed thousands of usernames and passwords from throughout the company stored in plaintext format in unencrypted files sitting on a companywide file share. Apparently many of those passwords belong to the marketing function, including those for social media accounts. It also appears that after the PlayStation hack of 2011, crucial security upgrades – which would likely have narrowed the scope of the current breach but perhaps not have prevented it entirely – were never fully implemented. I’m no security expert, but these both strike me as obvious misses.

Obviously with the scale of this particular breach, compromised Twitter profiles or Facebook pages would’ve been among the least of Sony’s problems. But imagine if it was your company that was hacked, every digital marketing campaign across your organization was turned to some nefarious use and you didn’t have an international incident to hide behind.

Many column inches have been dedicated to the brand damage Sony has suffered and may continue to suffer. But instead of just sympathizing, it’s imperative that marketers take action to prevent their companies suffering this way in the future. The CMO/CIO divide is a topic that’s always ripe for venting, but the Sony hack is another clear example of why brands must bridge the organizational gap between them. Good security doesn’t just keep your information safe – it keeps your brand safe. Instead of just complaining about what security staffers don’t let us do, it’s time to start asking what we can do to help them keep our companies out of the hackers’ line of fire.